Test ID: 1.3.6.1.4.1.25623.1.0.55634
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-205-1 (wget)
Summary: Ubuntu USN-205-1 (wget)
Description:
The remote host is missing an update to wget
announced via advisory USN-205-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected: libcurl2 libcurl3 wget

A buffer overflow has been found in the NTLM authentication handler of
the Curl library and wget. By tricking a user or automatic system
that uses the Curl library, the curl application, or wget into
visiting a specially-crafted web site, a remote attacker could exploit
this to execute arbitrary code with the privileges of the calling
user.

The Ubuntu 4.10 and 5.04 versions of wget are not affected by this.

Solution:
The problem can be corrected by upgrading the affected package to the
following versions:

Ubuntu 4.10:
libcurl2 7.12.0.is.7.11.2-1ubuntu0.2

Ubuntu 5.04:
libcurl2 1:7.11.2-12ubuntu3.2
libcurl3 7.12.3-2ubuntu3.2

Ubuntu 5.10:
libcurl3 7.14.0-2ubuntu1.1
wget 1.10-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes. However, if you have the Apache web server
installed, you need to restart it with

sudo /etc/init.d/apache2 restart

to make sure that Apache uses the updated Curl library.
http://www.securityspace.com/smysecure/catid.html?in=USN-205-1

Risk factor : High
Cross-Ref: BugTraq ID: 15647
BugTraq ID: 15102
Common Vulnerability Exposure (CVE) ID: CVE-2005-3185
http://www.idefense.com/application/poi/display?id=322&type=vulnerabilities
http://docs.info.apple.com/article.html?artnum=302847
Debian Security Information: DSA-919
http://www.debian.org/security/2005/dsa-919
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00055.html
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html
http://www.gentoo.org/security/en/glsa/glsa-200510-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:182
http://www.redhat.com/support/errata/RHSA-2005-807.html
http://www.redhat.com/support/errata/RHSA-2005-812.html
SCO Security Bulletin: SCOSA-2006.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.519010
SuSE Security Announcement: SUSE-SA:2005:063
http://www.novell.com/linux/security/advisories/2005_63_wget_curl.html
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://www.ubuntulinux.org/support/documentation/usn/usn-205-1
http://www.securityfocus.com/bid/15102
http://www.securityfocus.com/bid/15647
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9810
http://www.vupen.com/english/advisories/2005/2125
http://www.vupen.com/english/advisories/2005/2088
http://www.vupen.com/english/advisories/2005/2659
http://www.osvdb.org/20011
http://securitytracker.com/id?1015056
http://securitytracker.com/id?1015057
http://secunia.com/advisories/17192
http://secunia.com/advisories/17400
http://secunia.com/advisories/17403
http://secunia.com/advisories/17813
http://secunia.com/advisories/17193
http://secunia.com/advisories/17247
http://secunia.com/advisories/17320
http://secunia.com/advisories/17297
http://secunia.com/advisories/17208
http://secunia.com/advisories/17485
http://secunia.com/advisories/17965
http://secunia.com/advisories/19193
http://secunia.com/advisories/17203
http://secunia.com/advisories/17228
http://securityreason.com/securityalert/82
XForce ISS Database: wget-curl-ntlm-username-bo(22721)
http://xforce.iss.net/xforce/xfdb/22721
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com


© 1998-2014 E-Soft Inc. All rights reserved.